Ah shoot I’ve been leaked. Unfortunately I don’t have any sort of 2FA app on my iPad. Could someone link me a website or app? I need to set this up so I don’t get hacked...
Authy is a strong recommendation. Note again, no passwords were leaked. So there is no immediate "hacking" risk unless you use the same password on EMC that you used on another website that did leak passwords. If you did, then yes someone could log into your EMC account potentially, but if you have unique and secure passwords, then there is not really a risk there. But regardless, we do encourage using two factor authentication on everything you can.
All my accounts except 1 alt (which I didn't have at that time) was on the list. Kudos to them if they can guess my MC password. I don't even know it. I used an app to create it. Now if I lose my USB, it can be a very big problem using that account again.
This account's email didn't get leaked but my alt did but its ok because it doesn't have my name in it and the address is from my 12 year old self which i still use to this day but just for backup accounts and my youtube now...
Was the link with the username/email combos viewed publicly by other players/people? Is it still getting sent around?
Once an email is public, its public. It's on a site with lots of other leaks too. Consider it visible to anyone.
Oh. Well, then I am glad that I wasn't in the dump, actually. Although what you say might mean that people that know where to look could already find my e-mail address through my username.
Well, just seeing this 2 of my 3 accounts got leaked this and an alt I guess I havent noticed much, if any spam on either emails but still thanks for telling us!
And this is why I use a password manager as well as 2-Factor Auth (where possible.. *still waiting for mojang to implement 2fa*)).. both of my forum identities were leaked apparently :/
2 factor authentication only does so much though. In fact, it could even work against you in some cases. The real keyword here though is: do not use 1 password for a multitude of websites. Use a different password for every website and every service you use. If this becomes too much of a hassle then definitely rely on a password manager of some sorts. Seriously: even storing your passwords using a major browser (Opera, FireFox, Chrome, etc.) is better than just using an "easy to remember password" on every site you attend.
In regards to using a password manager, I find it useful to have one that also has the ability to generate passwords that are quite secure. My recommendations for generating a secure password would be a Unique, Non-Pronounceable password with at least 25+ characters, consisting of alphanumerics (letters and symbols, both UPPER and lower case) and symbols. The only exceptions to the above recommendations would be for those places (such as a few government websites) that limit valid passwords to either short lengths (such as 8 characters, from personal experience), or only letters and numbers.
The premise of your question is misguided. Does it matter if you use the same password on all unimportant sites? Technically no. Importance is up to each individual. But that does not justify using that same password everywhere. It is my opinion that ShelLuser's comment was directed towards password selection for all of your non-unimportant sites. Notice my double negative there; it was intentional. Speaking generally, the most common password issues in the modern internet, is when a site is compromised leaking the passwords (didn't happen here). This is completely out of our (the users) control. What is in our control, is whether that one password will also compromise all of your other online profiles since someone reused passwords.
Yeah, true. But nowadays there are quite some sites that require you to create an account complete with password, but don't hold any sensitive information, and don't have your persona attached to it. On those sites, I feel like you could enter a bad, identical password. Sure, those sites are especially likely to have their passwords leaked. I haven't ever had any trouble with it, however. Some of my accounts got broken into, but when that happened, it was only the specific account, and not any others.
Unfortunately both my emails were leaked. I used the pwn website and found out that EMC wasn't the only Minecraft related thing to have emails/passwords stolen in December 2015.
While this list has existed since it was created (obviously), I don't think it has been public until the last few months. There is a very slim potential that this could have affected spam rates, but most likely this list is too small for spammers to care.